Splunk integration with ConcealBrowse Splunk integration with ConcealBrowse

Splunk integration with ConcealBrowse

Description

If you're using Splunk, you have the option to integrate that with ConcealBrowse. This allows metrics and data collected by Conceal can be seamlessly transferred into Splunk. This article will guide you through integrating Splunk with ConcealBrowse.

 

Applies to

  • Splunk

Procedure

**Before you begin: You will need to have Splunk configured for ConcealBrowse. If you need assistance please refer to the article for Splunk Configuration

There are two parameters you need to set in the Conceal plugin settings: HTTP Event Collector URL & API Key.

HTTP Event Collector URL is in the format <protocol>://<host>:<port>/<endpoint>

To break this down:

  • <protocol> is either http or https
  • <host> is the Splunk instance that runs Http Event Collector (HEC)
  • <port> is the HEC port number, which is 8088 by default, but you can change in the HEC Global Settings
  • <endpoint> is the HEC endpoint we want to use. In Conceal integration cases, we use the /services/collector/event endpoint for JavaScript Object Notation (JSON)-formatted events
    • A sample for Splunk Cloud with default settings might look like:
      https://<Splunk Host>.splunkcloud.com:8088/services/collector/event

To retrieve your API Key in your Splunk instance:

  • Click Settings > Data Inputs.
  • Click HTTP Event Collector.
  • API Key is the token value displayed in that table with the corresponding HEC name

Entering Splunk data into your Conceal Dashboard

  1. Navigate within a web browser to https://dashboard.conceal.io and login if necessary.
  2. Click on the section labeled Plugins on the left hand menu.
    Plugins_2.png
  3. Scroll down and in the PostProcess section, locate the Splunk tile and click the button labeled Configure
    Splunk.png
  4. This will bring up the form where you will need to enter the HTTP Event Collector URL & API Key retrieved in previous steps. Enter the HTTP Event Collector URL in the first field. For privacy purposes this has been blurred out.
    HTTP_Event_Collector.png
  5. Enter the Splunk HTTP Event Collector API Key in the second field.
    Splunk_API_Key.png
  6. Click to fill the checkbox for Enabled
    Enabled.png
  7. If you are using a Splunk Cloud trial account and haven’t installed an SSL certificate, you will need to select the Splunk Cloud Trial option. It allows ConcealBrowse to connect to your Splunk instance without SSL verification, which decreases security, but can be useful for evaluating the plugin on a trial Splunk account.
    Splunk_Cloud_Trial.png
  8. Click the Close button and you now have Splunk integrated with ConcealBrowse! You do not have to do anything else as a user, the integration is complete and the data is automatically sent over.

 

*Never hesitate to contact your Customer Success Manager for any questions or concerns. You may also open a support ticket at support.conceal.io by scrolling to the bottom and clicking Submit a request.